scottk/OpenCellular
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2025-11-24 18:25:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

vboot_api_kernel: Do not pre-populate variables in

Browse Source 
VbVerifyMemoryBootImage

Do not use values from the header or preamble until it is known to be
good.

BUG=None
BRANCH=None
TEST=Compiles successfully and VbVerifyMemoryBootImage returns early
for images with bad values in header.

Change-Id: Ic026f49292a139e0a04c2556ca9fa62ff277b18f
Signed-off-by: Furquan Shaikh <furquan@google.com>
Reviewed-on: https://chromium-review.googlesource.com/274141
Trybot-Ready: Furquan Shaikh <furquan@chromium.org>
Tested-by: Furquan Shaikh <furquan@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Furquan Shaikh <furquan@chromium.org>
This commit is contained in:
Furquan Shaikh
2015-05-29 18:00:46 -07:00
committed by ChromeOS Commit Bot
parent 7e21698e42
commit 04e2338857
1 changed files with 3 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
firmware/lib/vboot_api_kernel.c
View File

@@ -1223,11 +1223,7 @@ VbError_t VbVerifyMemoryBootImage(VbCommonParams *cparams,
kparams->flags = 0; kparams->flags = 0;
Memset(kparams->partition_guid, 0, sizeof(kparams->partition_guid)); Memset(kparams->partition_guid, 0, sizeof(kparams->partition_guid));
/* Populate pointers to all components in the image. */
kbuf = boot_image; kbuf = boot_image;
key_block = (VbKeyBlockHeader *)kbuf;
preamble = (VbKernelPreambleHeader *)(kbuf + key_block->key_block_size);
body_offset = key_block->key_block_size + preamble->preamble_size;
/* Read GBB Header */ /* Read GBB Header */
cparams->bmp = NULL; cparams->bmp = NULL;
@@ -1263,6 +1259,7 @@ VbError_t VbVerifyMemoryBootImage(VbCommonParams *cparams,
retval = VBERROR_INVALID_KERNEL_FOUND; retval = VBERROR_INVALID_KERNEL_FOUND;
/* Verify the key block. */ /* Verify the key block. */
key_block = (VbKeyBlockHeader *)kbuf;
if (0 != KeyBlockVerify(key_block, image_size, kernel_subkey, if (0 != KeyBlockVerify(key_block, image_size, kernel_subkey,
hash_only)) { hash_only)) {
VBDEBUG(("Verifying key block signature/hash failed.\n")); VBDEBUG(("Verifying key block signature/hash failed.\n"));
@@ -1292,6 +1289,7 @@ VbError_t VbVerifyMemoryBootImage(VbCommonParams *cparams,
} }
/* Verify the preamble, which follows the key block */ /* Verify the preamble, which follows the key block */
preamble = (VbKernelPreambleHeader *)(kbuf + key_block->key_block_size);
if ((0 != VerifyKernelPreamble(preamble, if ((0 != VerifyKernelPreamble(preamble,
image_size - image_size -
key_block->key_block_size, key_block->key_block_size,
@@ -1303,6 +1301,7 @@ VbError_t VbVerifyMemoryBootImage(VbCommonParams *cparams,
VBDEBUG(("Kernel preamble is good.\n")); VBDEBUG(("Kernel preamble is good.\n"));
/* Verify kernel data */ /* Verify kernel data */
body_offset = key_block->key_block_size + preamble->preamble_size;
if (0 != VerifyData((const uint8_t *)(kbuf + body_offset), if (0 != VerifyData((const uint8_t *)(kbuf + body_offset),
image_size - body_offset, image_size - body_offset,
&preamble->body_signature, data_key)) { &preamble->body_signature, data_key)) {